6 Replies

I had a similar setup on our network. We are using the same DHCP Server for both networks on two separate VLANs. I added a second NIC to the Server (running on vmware) so that it would have an IP address on the new VLAN. I then set the ip helpder-address to the new IP of the DHCP Server.

Otherwise you would need to allow access between VLANs so they can both access the DHCP Server.

*edit
You also need to make sure each port/trunk is assigned to your new VLAN leading up to the DHCP Server, otherwise your devices (AP's) will not be able to connect.

You will either need to do the above, or you will need to ensure that the dhcp server has a route back to the other VLAN. Not very familiar with default behavior on dell network equipment, but I don't see anything on the first config that would route traffic for the other network (VLAN802), so even though you have given the secondary config the ability to know how to go up-stream, there is likely no traffic returning.

You might be able to get away with a route statement on the DHCP server if you want to hide the network from internal systems being able to route to VLAN802 easily. Just roue the network to the 10.2 address of the connected equipment. Then you would add your ip helper-address in.

Thanks for posting up the running configs of the switches. I will make some presumptions based on the configs, please correct me if I am wrong.

On the 6224 I would look at changing your switch to switch connection from Trunk mode to General mode. on the PowerConnect 6224 series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID. If you use Trunk mode, you will not have the default VLAN on those ports. The ports will only allow tagged traffic. Something else to keep in mind is that the PVID/native VLAN on 6224 switches is not typically routable. This means it may be a good idea to separate your local network VLAN and management VLAN, because right now on the 6224 that traffic is all on VLAN 10.

On the 5448 Trunk mode should work just fine for the connection to the switch and access point.
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk allowed vlan add 10,802

With the 5448 being L2 is should not need any IP addresses assigned to VLAN 10 and 802. It just needs the VLANs in the VLAN database.

The access point will need to be configured to send tagged packets for the desired VLAN of each SSID. If it is not setup this way, the port will receive untagged frames and place them all on the native VLAN.

Clients will need to have a default gateway of the VLAN they are participating in. For example a workstation in VLAN 802 will need a DG of 192.168.10.1

Unless you have multiple DHCP servers you plan on servicing different VLANs, I would set the IP helper commands globally instead of under just VLAN 802. And then be sure to run the enable command.
#ip helper enable

Remember to start small and work your way out. A good starting point would be confirming the 6224 VLAN routing is working. You can do this by placing one workstation on an access port for one VLAN and another workstation on a port in access mode for a different VLAN, and then ensuring they can communicate with each other.

Once VLAN routing is working on the 6224 you can branch out and try VLAN routing across the two switches, and continue branching out to the access point. Making sure to tackle any roadblocks before moving on.

Hope some of this information helps, or gets you pointed in the right direction. If you are using Windows Vista/7/8 workstations, make sure to disable the Windows firewall while performing ping tests.

1st Post

I'm not sure about Dell's but I have a similar setup on a Cisco 4510R. Only I have the switch doing DHCP on that vlan and block traffic to all other VLANs. The switch itself hands out the 192.x.x.x and uses the VLAN's gateway for internet connectivity. You shouldn't be able to configure a 192.x.x.x VLAN to pull a 10.x.x.x IP from DHCP.

DHCP worked by adding 192.168.10.5 address to my current DHCP servers NIC. However those dhcp clients cannot get out to the internet.(The gateway address is set to 192.168.10.1)If it were possible I would prefer to not configure the server this way.

I moved the management vlan to vlan 99 with an entirely different ip address.

The PowerConnect config looks ok to me. Is the DHCP server setup with multiple scopes for the different VLANs? On the PowerConnect you have a static route pointing to 10.2.254.250 as the next hop already, but in some cases you do need to place a static route on the routing helping traffic back to the specific VLAN/Subnet on the PowerConnect.

0

This topic has been locked by an administrator and is no longer open for commenting.